3.4.1. REST API Security - Introduction

  • Application security

    • An attack can occur on almost any of these points

    • The attacker can attack the application and manipulate the data or steal the identity

    • The attacker can look at and understand the capabilities of the gateway that connects to the backend system

    • The attacker can breach the firewall and go directly to the server

    • The bottom line: think about security at every touch point in the API, not just the API implementation

  • Mobile application concern

  • Data security

    • Always use TLS/HTTPS for REST APIs

  • API security

    • Authentication

    • Authorization

    • Functional attacks
